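---
# Provisions the Linux test hosts over AWS SSM: waits for the connection,
# gathers facts, then installs the New Relic infrastructure agent through the
# newrelic_cli role, retrying the install once if the first attempt fails.
- name: (linux) (prerelease) Install CrowdStrike Falcon and NRIA from prod bucket
  hosts: linux
  become: true
  # Facts are gathered explicitly below, once the connection is known to work.
  gather_facts: false
  strategy: linear
  vars:
    ansible_aws_ssm_timeout: 900
    ansible_aws_ssm_retries: 10
  tasks:
    - name: Establish initial connection to host
      block:
        - name: Wait for connection to be available
          ansible.builtin.wait_for_connection:
            delay: 10
            timeout: 300
            connect_timeout: 60
          register: initial_connection
        - name: Verify connection with ping
          ansible.builtin.ping:
      rescue:
        # The first wait or the ping failed: drop the connection and wait
        # again with longer timeouts, up to 5 attempts spaced 60s apart.
        - name: Reset connection on initial failure
          ansible.builtin.meta: reset_connection
        - name: Retry connection with extended timeout
          ansible.builtin.wait_for_connection:
            delay: 20
            timeout: 600
            connect_timeout: 120
          retries: 5
          delay: 60
          register: retry_connection
          until: retry_connection is succeeded

    - name: Gather facts for first time
      ansible.builtin.setup:

    - name: Ensure 'which' command is installed
      ansible.builtin.package:
        name: which
        state: present
      when: ansible_distribution == 'Rocky'

    # NOTE(review): the play name still announces CrowdStrike Falcon, but the
    # role include below is commented out, so this play installs no Falcon
    # sensor on the hosts. Confirm that is intended, and either restore the
    # include or rename the play so run logs do not imply endpoint coverage.
    # - name: Install crowdstrike falcon
    #   ansible.builtin.include_role:
    #     name: caos.ansible_roles.install_crowdstrike_falcon
    #   vars:
    #     falcon_client_id: "{{ lookup('env', 'CROWDSTRIKE_CLIENT_ID') }}"
    #     falcon_client_secret: "{{ lookup('env', 'CROWDSTRIKE_CLIENT_SECRET') }}"
    #     falcon_customer_id: "{{ lookup('env', 'CROWDSTRIKE_CUSTOMER_ID') }}"
    #     api_base_url: "https://api.laggar.gcw.crowdstrike.com"

    # The API key and account id are read from the controller's environment
    # and handed to the role as ordinary variables. Nothing in this play sets
    # no_log, so whether the key can appear in verbose (-v) or failure output
    # depends on the role - TODO confirm the role masks it.
    - name: Install newrelic-infra agent with retry logic
      block:
        - name: Install newrelic-infra agent
          ansible.builtin.include_role:
            name: caos.ansible_roles.newrelic_cli
          vars:
            repo_endpoint: "https://nr-downloads-main.s3.amazonaws.com/"
            recipe: "newrelic-infra"
            region: "{{ lookup('ansible.builtin.env', 'NEW_RELIC_REGION') }}"  # US | EU | STAGING
            nr_api_key: "{{ lookup('ansible.builtin.env', 'NEW_RELIC_API_KEY') }}"
            nr_account_id: "{{ lookup('ansible.builtin.env', 'NEW_RELIC_ACCOUNT_ID') }}"
      rescue:
        # Single retry with the same parameters as the first attempt; keep the
        # two vars blocks in sync when either one changes. A second failure
        # is not rescued and fails the host.
        - name: Log installation failure for observability
          ansible.builtin.debug:
            msg: "WARNING: newrelic-infra installation failed on {{ inventory_hostname }}. Retrying in 30s..."
        - name: Wait before retry
          ansible.builtin.pause:
            seconds: 30
        - name: Retry newrelic-infra agent installation
          ansible.builtin.include_role:
            name: caos.ansible_roles.newrelic_cli
          vars:
            repo_endpoint: "https://nr-downloads-main.s3.amazonaws.com/"
            recipe: "newrelic-infra"
            region: "{{ lookup('ansible.builtin.env', 'NEW_RELIC_REGION') }}"  # US | EU | STAGING
            nr_api_key: "{{ lookup('ansible.builtin.env', 'NEW_RELIC_API_KEY') }}"
            nr_account_id: "{{ lookup('ansible.builtin.env', 'NEW_RELIC_ACCOUNT_ID') }}"
        - name: Log successful retry
          ansible.builtin.debug:
            msg: "SUCCESS: newrelic-infra installation completed after retry on {{ inventory_hostname }}"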
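# Installs the Fluent Bit prerelease package selected by each host's inventory
# tags, then the New Relic Fluent Bit output plugin for the host architecture.
# NOTE(review): this play sets neither `become` nor `gather_facts`, so the
# implicit fact gathering runs before the connection wait below, and any
# privilege escalation needed to install packages has to come from the roles
# or the inventory - confirm both are intended.
- name: Install fluent-bit from GH prerelease
  hosts: linux
  strategy: free
  vars:
    ansible_aws_ssm_timeout: 900
    ansible_aws_ssm_retries: 10
    # Quoted so the version is always read as a string.
    node_version: "16.14.0"
    # The following information is populated using the gathered inventory variables
    fluent_bit_package_name: "{{ tags.fb_package_name }}"
    pre_release_name: "{{ tags.pre_release_name }}"
    fb_version: "{{ tags.fb_version }}"
    os_distro: "{{ tags.os_distro }}"
    os_version: "{{ tags.os_version }}"
    arch: "{{ tags.arch }}"
    # nr_fb_output_plugin_version is intentionally not declared here. Its value
    # is set in versions/common.yml (nrFbOutputPluginVersion) and can be
    # overridden via extra vars (-e nr_fb_output_plugin_version=<version>).
    # A play var that references itself can never supply a value: extra vars
    # shadow it, and without them it is a recursive template that fails and
    # hides any lower-precedence definition.
    # The following vars are injected in the fargate task env
    new_relic_api_key: "{{ lookup('ansible.builtin.env', 'NEW_RELIC_API_KEY') }}"
    new_relic_account_id: "{{ lookup('ansible.builtin.env', 'NEW_RELIC_ACCOUNT_ID') }}"
    new_relic_region: "{{ lookup('ansible.builtin.env', 'NEW_RELIC_REGION') }}"
  # Play-level environment: exported to every task in this play, including the
  # included roles, so the API key is present in the remote environment of
  # each module run. Nothing here sets no_log - TODO confirm the roles do not
  # echo their environment.
  environment:
    NEW_RELIC_API_KEY: "{{ new_relic_api_key }}"
    NEW_RELIC_ACCOUNT_ID: "{{ new_relic_account_id }}"
    NEW_RELIC_REGION: "{{ new_relic_region }}"
  tasks:
    - name: Establish connection to host
      block:
        - name: Wait for connection to be available
          ansible.builtin.wait_for_connection:
            delay: 15
            timeout: 600
            connect_timeout: 60
      rescue:
        # The first wait failed: drop the connection and wait again with a
        # longer connect timeout, up to 5 attempts spaced 60s apart.
        - name: Reset connection on failure
          ansible.builtin.meta: reset_connection
        - name: Retry connection with extended timeout
          ansible.builtin.wait_for_connection:
            delay: 20
            timeout: 600
            connect_timeout: 120
          retries: 5
          delay: 60
          register: retry_connection
          until: retry_connection is succeeded

    # Skipped when the prerelease tag starts with "local-". Package name and
    # release tag both come from inventory tags; whether the downloaded
    # package is checksum- or signature-verified is decided inside the role,
    # not here - TODO confirm.
    - name: Install Fluent Bit package to be tested for this distro
      ansible.builtin.include_role:
        name: install_fluent_bit_from_gh_prerelease
      vars:
        fb_package_name: "{{ fluent_bit_package_name }}"
        gh_prerelease_tag: "{{ pre_release_name }}"
      when: pre_release_name is not regex('^local-.*')

    # Any arch tag other than x86_64 / amd64 is mapped to arm64, including a
    # misspelled or unexpected value.
    - name: Install NR Fluent Bit output
      ansible.builtin.include_role:
        name: install_nr_fluent_bit_output
      vars:
        plugin_arch: "{{ (arch == 'x86_64' or arch == 'amd64') | ternary('amd64','arm64') }}"
        plugin_version: "{{ nr_fb_output_plugin_version }}"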